OWASP [part 1] and ClickJacking defense in .NET

Love it, you have to love it. OWASP is one of my favourite “.org”s and if you want to know about security, it will become yours too.

Now, this is a late-night post and it’s more a reminder for me than something for you: tomorrow I will post some security issues I am working on and, clearly, some freshly baked .NET code to protect your website (and to check whether it’s vulnerable or not).

In the meantime I leave you with something that is getting huge these days: ClickJacking (did you hear about the “Twitter worm” or the “Facebook like stealer”?). The Wikipedia definition is awful, but dear OWASP has a good one (https://www.owasp.org/index.php/Clickjacking). Just to make it simple: ClickJacking uses iframe properties to put a mask on top of a specific page and hide its content except for some part of it (usually buttons): the result is that you click something without knowing you are clicking it [simple enough?]

(*) every time you see code, you have to substitute what’s contained in brackets with your values… and remember: when you work on existing code, always enable new behavior using a configuration setting, so you can control regressions!
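Since the post explains the iframe trick but the .NET code is promised for tomorrow, here is an added example (mine, not the author's code) of the usual server-side defense: an ASP.NET (System.Web) HttpModule that sends the `X-Frame-Options` header (and the equivalent `Content-Security-Policy: frame-ancestors` directive for newer browsers) so the page refuses to render inside a foreign frame. Following the configuration advice above, the policy is read from an `appSettings` key, so the defense is off until you turn it on. The module name, namespace and the `ClickJacking.Policy` key are assumptions chosen for this example.

```csharp
// Added example, not code from the original post. Assumed names: the namespace
// ClickJackingDefense, the class XFrameOptionsModule and the appSettings key
// "ClickJacking.Policy".
using System;
using System.Configuration;
using System.Web;

namespace ClickJackingDefense
{
    // Registers on every request and adds the anti-framing headers to the response.
    public class XFrameOptionsModule : IHttpModule
    {
        // Only these two values are universally supported; ALLOW-FROM is legacy and
        // ignored by several browsers, so it is deliberately not accepted here.
        private static readonly string[] AllowedPolicies = { "DENY", "SAMEORIGIN" };

        public void Init(HttpApplication context)
        {
            context.BeginRequest += OnBeginRequest;
        }

        private static void OnBeginRequest(object sender, EventArgs e)
        {
            var app = (HttpApplication)sender;
            string policy = ReadPolicy();
            if (policy == null)
            {
                // Key missing or invalid: leave the application's behaviour unchanged,
                // so rolling the module out cannot break an existing site by itself.
                return;
            }

            // AppendHeader works in both classic and integrated pipeline mode.
            app.Response.AppendHeader("X-Frame-Options", policy);

            // Modern browsers prefer the CSP directive; sending both keeps old browsers
            // covered by X-Frame-Options while new ones honour frame-ancestors.
            app.Response.AppendHeader("Content-Security-Policy",
                policy == "DENY" ? "frame-ancestors 'none'" : "frame-ancestors 'self'");
        }

        // Reads <appSettings><add key="ClickJacking.Policy" value="SAMEORIGIN"/></appSettings>
        // and returns null when the key is absent or not one of the allowed values.
        internal static string ReadPolicy()
        {
            return NormalizePolicy(ConfigurationManager.AppSettings["ClickJacking.Policy"]);
        }

        // Normalises user-supplied configuration: case-insensitive, whitespace-tolerant,
        // anything outside the allowed set is rejected rather than passed to the browser.
        internal static string NormalizePolicy(string value)
        {
            if (string.IsNullOrWhiteSpace(value))
            {
                return null;
            }
            string candidate = value.Trim().ToUpperInvariant();
            foreach (string allowed in AllowedPolicies)
            {
                if (candidate == allowed)
                {
                    return allowed;
                }
            }
            return null;
        }

        public void Dispose() { }
    }
}

// web.config wiring (IIS 7+ integrated pipeline) for the module above:
//
//   <system.webServer>
//     <modules>
//       <add name="XFrameOptionsModule" type="ClickJackingDefense.XFrameOptionsModule" />
//     </modules>
//   </system.webServer>
//
// and the switch that actually enables the defense (omit it to keep the old behaviour):
//
//   <appSettings>
//     <add key="ClickJacking.Policy" value="SAMEORIGIN" />
//   </appSettings>
```

A quick way to check whether a site is protected is to look at the response headers of a normal page request (browser dev tools or `curl -I`): if neither `X-Frame-Options` nor a `Content-Security-Policy` with `frame-ancestors` is present, the page can still be framed. Note that `SAMEORIGIN` still allows your own pages to frame each other, so pick `DENY` unless you actually use iframes internally.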